While other MediaPost newsletters and articles remain free to all ... our new Research Intelligencer service is reserved for paid subscribers ...

Subscribe today to gain access to the every Research Intelligencer article we publish as well as the exclusive daily newsletter, full access to The MediaPost Cases, first-look research and daily insights from Joe Mandese, Editor in Chief.

Commentary

FTC Taps Privacy Researcher Soltani For Chief Technologist Role

The Federal Trade Commission has tapped privacy researcher Ashkan Soltani to serve as its new chief technologist.

Soltani, who starts in November, will replace Harvard's Latanya Sweeney -- who
became famous for research that cast doubt on anonymization techniques. Soltani's appointment is seen as signaling the FTC's continued interest in online companies' privacy and data practices.

“Ashkan is going to bring a tremendous amount of expertise to the Commission and should cause every data company to review their approach,” Jeff Chester, executive director of the
advocacy group Center for Digital Democracy, tells MediaPost. “Ashkan knows where the data bodies are buried. You can't fool him.”

The high-profile Soltani recently contributed to
the Washington Post's prize-winning articles about former National Security Agency contractor Edward Snowden's surveillance revelations. Soltani also consulted with The Wall Street
Journal for a series of pieces about tracking by online ad companies.

advertisement

advertisement

In addition, he has consulted with state regulators engaged in privacy investigations. For instance, he helped
the New Jersey Attorney General build a case against PulsePoint, which allegedly circumvented Safari users' privacy settings. PulsePoint (formed by a 2011 merger of Datran Media and ContextWeb), agreed to pay $1 million and to implement a comprehensive five-year privacy program as a result
of the probe.

That settlement grew out of allegations that PulsePoint “hacked” Safari's privacy defaults, which automatically block cookies by ad networks and exchanges. State
officials said in court papers that PulsePoint served an estimated 215 million ads to Safari users in New Jersey from June of 2009 through February of 2012. (PulsePoint said the cookies were set by
predecessor company ContextWeb, and that PulsePoint executives were not aware of the practice until last February, at which time they stopped employing the workaround.)

In 2011, Soltani
reported that the analytics company KISSmetrics tracked people using ETags,
which store information in users' browser caches. If those users erased their cookies, they could be recreated with information from the ETags.

KISSmetrics' technology caused concern because
the company assigned the same random identifier to users across more than one site. Soltani pointed out that doing so enabled companies to compare information about the same user, regardless of that
person's attempts to avoid tracking and online profiling. (The company's CEO said at the time that KISSmetrics never linked data about users' activities across sites.)

Within one week of
Soltani's report, KISSmetrics not only stopped using ETags, but said it would allow people to opt out of tracking.

Not everyone was enthusiastic about the FTC's move. Interactive Advertising
Bureau general counsel Mike Zaneis says it's “curious” that the FTC taps “privacy advocates” like Soltani to serve as technology officers.

He adds that some previous
FTC hires engaged in “a lot of wasted effort, tilting at these privacy windmills, like do-not-track.” Princeton professor Ed Felten, the FTC's first chief technology officer, worked on the World Wide Web Consortium's effort to develop standards to interpret browser-based
do-not-track signals. That initiative is still underway.